Mirror, mirror on the wall. Is my cloud the safest of them all? 5 Reasons why your public cloud disaster recovery plan will fail in real life

Don’t be lulled into a false sense of security that hosting your data in the public cloud makes it infallible. The public cloud has certainly helped businesses to grow but there are still data security and privacy concerns you would be well-advised to heed. If all your data is stored in the public cloud and your cloud data becomes unavailable or unreachable due to, for example, an outage or a ransomware or DDoS attack, your business will come to a complete standstill. Just think about the recent outage in Amazon’s cloud computing network. It caused severe disruptions to services across a wide range of companies for hours. Not to mention the fact that cybercriminals regularly exploit public cloud services to deliver remote access trojans (RAT) files and steal sensitive information. 

If any of these scenarios happen, do you have a contingency plan and are you able to recover your data from another cloud provider?  Yes, embracing the public cloud means increased speed and scalability, but what happens when a disaster – natural disasters, outages, breaches, or even employee errors – strikes? Will the resulting impact on your data and other IT assets cripple your business, or will you remain up and running? 

You need a well-executed disaster recovery plan that includes Cloud Provider Resilience (CPR™). As the term suggests, your data is stored in the cloud and duplicated or backed up, enabling you to immediately retrieve or access that information should your cloud service be compromised. Additionally, you have to make sure you avoid these 5 pitfalls when planning your disaster recovery strategy. 

1 Failing to identify disaster recovery dependencies

When it comes to disaster recovery, there is no such thing as a one-size-fits-all solution and having your data in the cloud is not a cover-all. It is important to understand that even the top-tier public and private cloud providers can and do have outages. Still, many organizations do not invest the time to thoroughly understand and identify disaster recovery dependencies. They often rely on a single backup system or store backups in the same location (in this case the public cloud) as the original data. Disaster recovery plans often include backup and data retention strategies that do not map the dependencies and requirements to ensure a smooth disaster recovery strategy. Are you prepared to recover your data to another provider should there be a prolonged outage?

2 Not including staff in disaster recovery planning

It was two-times United States president Ike Eisenhower who said, “plans are useless, but planning is indispensable”. The same can be said for disaster recovery planning. Many organizations overlook the importance of involving their staff in the disaster recovery planning process and may find themselves at a disadvantage when disaster strikes. For example, should a cloud outage occur, will your staff know and are there procedures in place for them to securely connect to the new site? This can be a costly mistake, as employees are often the first responders in the event of a disaster. Without proper training or a clear plan of action, they may not be able to effectively manage the situation.. 

3 Failing to revisit and test your disaster recovery plan

Your disaster recovery plan is only good if it is up to date. As an example, if your cloud or hosting provider goes down and you have managed to fail over to another site, is the network connectivity in place to connect to the new site inside your required RTO? That’s why you should regularly revisit and test your disaster recovery plan. By doing so, you can be sure that it will be effective in the event of an actual disaster. Testing can be done by conducting a “tabletop exercise” or by running periodic backups and then try to restore them. This will help you to identify any weaknesses in your data backup and recovery procedures. 

Thinking you’re fully protected … but you’re really not

Many businesses assume their data is fully protected simply because they store their data using the public cloud. They often disregard other backup and disaster recovery methods. Even though major providers claim to have redundancy built into their infrastructure, there have been many instances of redundancy failures and system outages. Relying solely on your public cloud storage is a dangerous practice. Organizations should ensure they have a contingency backup with a different cloud provider to minimize the impact of a potential cloud outage. Ensuring that you choose a compatible cloud provider as your DR site also goes a long way.

5 Failing to protect against data corruption and malware 

There are still many people who believe that once they are in the cloud, there is no need for backups, a DR plan or network security and that all of this is looked after by the public cloud provider. This is NOT true! Data corruption can occur for a variety of reasons with Malware, such as viruses and ransomware, being the main culprits causing severe damage to data.  Despite the frequency of these high-profile incidents, organizations still fail to detect malware in backup environments. Threat actors have become more sophisticated, creating ransomware programs that are dormant long enough to be included in data backups, removing the ability to defend against attacks with a simple recovery of the most recent data. This is a further confirmation that you do need a contingency plan. 

Final thoughts

Public cloud outages have taught us to prepare for the unexpected. However, all too often, businesses rely on disaster recovery strategies that do not consider the fact that their cloud service provider could experience an outage or fall victim to a cyberattack. Businesses also erroneously think they are fully protected simply because they host their data in the cloud. In addition, they also neglect basic considerations such as failing to test their disaster recovery plans and not including their staff, who are usually the first responders when disaster strikes, in their disaster recovery planning. This means their disaster recovery plan will inevitably fail during an actual disaster. 

Stage2Data’s Cloud Provider Resiliency CPR™ provides resilience, redundancy and recoverability between multiple cloud platforms. It ensures that your data and servers are always available whether they are in the public and/or private cloud. When storing and transferring data from one cloud location to another, CPR™ ensures that data is kept secure. It safeguards against disasters such as data breaches, by encrypting data in flight and at rest, and cyberattacks such as ransomware, deletion, or unauthorized encryption. Our expert CPR™ team will work closely with you throughout the recovery planning and implementation process so that when disaster strikes, your business is prepared.

Can You Tell if Your Data
Recovery is Predictable?